Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132362e302f32342d3234203d3e20313734.roa
File:                     3135322e38392e3132362e302f32342d3234203d3e20313734.roa (raw, json)
Hash identifier:          7hhZ7MNBEG0sBpIqiIbwNJeABcnSe3ey60tHr1izmjM=
Subject key identifier:   D1:D0:D2:4D:7A:44:27:7C:24:98:7A:97:D9:BC:02:82:43:9E:2F:EA
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       1A9DC527403CA0FC818EC34361CF5D30723A9841
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132362e302f32342d3234203d3e20313734.roa
Signing time:             Fri 24 Oct 2025 09:25:38 +0000
ROA not before:           Fri 24 Oct 2025 09:20:38 +0000
ROA not after:            Fri 23 Oct 2026 09:25:38 +0000
asID:                     174
IP address blocks:        152.89.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:27:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:9d:c5:27:40:3c:a0:fc:81:8e:c3:43:61:cf:5d:30:72:3a:98:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct 24 09:20:38 2025 GMT
            Not After : Oct 23 09:25:38 2026 GMT
        Subject: CN=D1D0D24D7A44277C24987A97D9BC0282439E2FEA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:87:33:9d:b1:99:0e:22:d9:37:86:3a:23:f4:
                    7d:7e:25:2e:7f:7a:5b:0f:62:a6:e4:64:1f:f6:86:
                    85:29:c1:da:8d:1c:b4:10:35:a8:8d:3b:21:c0:ac:
                    58:ee:de:1b:92:0a:7f:0d:20:9e:48:1e:9d:e3:83:
                    92:ce:7a:3d:52:db:b7:b7:3b:35:b8:a2:27:3f:43:
                    83:0c:c9:71:b9:55:d9:96:0b:66:9d:6f:e9:41:f4:
                    21:14:50:ab:80:8b:a9:09:92:3c:d5:9b:63:91:80:
                    46:08:92:94:4d:3d:4a:42:5d:30:12:f2:b7:52:76:
                    8d:50:aa:46:27:08:02:ec:0e:52:33:0f:6f:e2:ec:
                    bf:2e:00:a3:7d:cb:92:3e:e0:6b:6e:e8:81:cf:e9:
                    dc:e4:7c:07:ca:62:8d:7f:46:ac:63:b3:b5:55:73:
                    1c:3c:a7:85:df:1d:16:ad:d1:43:d6:e3:b5:84:e8:
                    63:30:d3:5b:83:bf:49:c3:91:ab:d5:bc:68:d3:d7:
                    c0:3e:c4:a3:2d:8e:f5:b6:27:77:df:16:9e:5f:d9:
                    ff:34:f0:89:eb:93:20:89:47:74:07:0a:c0:75:a7:
                    78:7d:15:73:d2:ee:5b:0f:05:ad:eb:54:a8:52:3d:
                    4c:b1:6c:9e:15:07:a0:58:7b:e0:d0:4c:19:4d:b7:
                    68:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:D0:D2:4D:7A:44:27:7C:24:98:7A:97:D9:BC:02:82:43:9E:2F:EA
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3135322e38392e3132362e302f32342d3234203d3e20313734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:fc:96:c9:5c:14:d4:07:e9:00:13:65:ab:52:d1:e5:14:ac:
         80:44:b0:45:af:bc:b5:7d:2f:32:d3:e8:db:7b:55:de:e6:f8:
         e5:a4:59:25:6f:9d:e9:07:f7:ef:2c:4d:de:51:a7:e5:cf:bf:
         dd:61:4f:cf:55:f8:a9:44:22:ad:12:2f:10:6c:c2:2e:8b:d8:
         3a:cb:58:29:ac:d5:2c:8b:ba:05:5d:88:e8:0e:30:51:b0:b3:
         fc:de:04:e7:a2:d8:0c:70:af:1d:e7:aa:e5:0f:84:44:f7:47:
         4c:f0:62:9a:a5:b2:bc:2d:ee:4d:14:c3:9b:fc:c4:40:f5:a4:
         09:55:a7:4b:59:d1:18:dd:61:40:c4:a1:04:ef:fa:ed:aa:be:
         eb:08:ed:c6:ee:00:8f:33:4d:d3:59:0b:ae:24:81:39:8a:67:
         8f:d8:d7:0a:6d:e8:ec:09:ba:b7:2b:35:bc:b6:d4:da:8e:59:
         6a:a7:87:c9:2b:f2:1c:77:3a:8f:a4:27:3f:d9:03:4e:63:bc:
         c6:86:fb:da:4f:82:14:3d:e3:27:6b:ea:de:96:2f:a5:e8:22:
         ea:6e:8e:1c:cb:40:e0:4a:6a:e9:71:10:95:7e:b4:df:d6:64:
         41:72:34:ac:45:d0:37:45:c5:e0:98:8e:7e:9d:cb:80:b0:a1:
         3a:94:9d:ff
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGp3FJ0A8oPyBjsNDYc9dMHI6mEEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMjQwOTIwMzhaFw0yNjEwMjMwOTI1MzhaMDMxMTAvBgNV
BAMTKEQxRDBEMjREN0E0NDI3N0MyNDk4N0E5N0Q5QkMwMjgyNDM5RTJGRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2hzOdsZkOItk3hjoj9H1+JS5/
elsPYqbkZB/2hoUpwdqNHLQQNaiNOyHArFju3huSCn8NIJ5IHp3jg5LOej1S27e3
OzW4oic/Q4MMyXG5VdmWC2adb+lB9CEUUKuAi6kJkjzVm2ORgEYIkpRNPUpCXTAS
8rdSdo1QqkYnCALsDlIzD2/i7L8uAKN9y5I+4Gtu6IHP6dzkfAfKYo1/Rqxjs7VV
cxw8p4XfHRat0UPW47WE6GMw01uDv0nDkavVvGjT18A+xKMtjvW2J3ffFp5f2f80
8InrkyCJR3QHCsB1p3h9FXPS7lsPBa3rVKhSPUyxbJ4VB6BYe+DQTBlNt2glAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU0dDSTXpEJ3wkmHqX2bwCgkOeL+owHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzNTMyMmUzODM5MmUzMTMy
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM3MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACYWX4w
DQYJKoZIhvcNAQELBQADggEBAID8lslcFNQH6QATZatS0eUUrIBEsEWvvLV9LzLT
6Nt7Vd7m+OWkWSVvnekH9+8sTd5Rp+XPv91hT89V+KlEIq0SLxBswi6L2DrLWCms
1SyLugVdiOgOMFGws/zeBOei2Axwrx3nquUPhET3R0zwYpqlsrwt7k0Uw5v8xED1
pAlVp0tZ0RjdYUDEoQTv+u2qvusI7cbuAI8zTdNZC64kgTmKZ4/Y1wpt6OwJurcr
Nby21NqOWWqnh8kr8hx3Oo+kJz/ZA05jvMaG+9pPghQ94ydr6t6WL6XoIupujhzL
QOBKaulxEJV+tN/WZEFyNKxF0DdFxeCYjn6dy4CwoTqUnf8=
-----END CERTIFICATE-----